Tuesday, April 03, 2018

Brian Krebs and I were both on the same mission
today – to get Panera Breach to secure their customer data. I had
been alerted to the situation by a reader who saw a paste explaining
it all and revealing some customer data. Brian heard about it
earlier from security researcher Dylan Houlihan, who
had first notified Panera
of the problem last year, he told Brian. Brian reports:

Panerabread.com, the Web
site for the American chain of bakery-cafe fast casual restaurants by
the same name, leaked millions of customer records — including
names, email and physical addresses, birthdays and the last four
digits of the customer’s credit card number — for
at least eight months before it was yanked offline earlier today,
KrebsOnSecurity has learned.

The data available in plain text from
Panera’s site appeared to include records for any customer who has
signed up for an account to order food online via panerabread.com.
The St. Louis-based company, which has more than 2,100 retail
locations in the United States and Canada, allows customers to order
food online for pickup in stores or for delivery.

Equifax,
which suffered a massive data breach in 2017 that exposed the
personal information of nearly
150 million consumers, has been sending out erroneous
notification letters to a “small percentage” of those affected,
the company confirmed Monday.

Hackers breached the credit reporting
agency’s records, exposing data belonging to millions of accounts
monitored by Equifax. Since then, the company has been reaching out
to people who were affected by the breach, offering free credit
monitoring and other remediation efforts.

Yet an apparent glitch in Equifax's system has
generated a batch of letters containing incorrect personal data,
raising questions about the efficacy of the company's efforts — or
whether there might be more shoes to drop. Since it first disclosed
the breach last year, Equifax has upwardly
revised the numbers affected on at least two separate occasions,
though the latest group of consumers exposed did
not include Social Security numbers, according to the company.

I wonder if anyone asked the students how to
secure their school? Lots of talk about how smart they are, but the
actions taken suggest they will still be ignored.

Inside the school, administrators handed out the
students' newest mandatory accessories: a see-through backpack much
like the ones required at some stadiums and arenas, and an
identification badge they must wear at all times.

… Senior Delaney Tarr tagged Rubio in a tweet
of a picture of her bag with feminine products and the orange price
tag attached to it.

"Starting off the last quarter of senior year
right, with a good ol' violation of privacy!" she said in
another tweet.

In addition to displaying the orange tag, senior
Carmen Lo stuffed a sign into her backpack that read "this
backpack is probably worth more than my life."

… "You know it's only difficult because
if we were being listened to and common sense gun legislation was
brought into play we wouldn't need all of this to be safe."

Reveal
– Center for Investigative Reporting: “National Park Service
officials have deleted every mention of humans’ role in causing
climate change in drafts of a long-awaited report on sea level rise
and storm surge, contradicting Interior Secretary Ryan Zinke’s vow
to Congress that his department is not censoring science.

… Originally drafted in the
summer of 2016 yet still not released to the public, the National
Park Service report is intended to inform officials and the public
about how to protect park resources and visitors from climate change.

… The 87-page report, which was written by a
University of Colorado
Boulder scientist, has been held up for at least 10 months, according
to documents obtained by Reveal. The delay has prevented park
managers from having access to the best data in situations such as
reacting to hurricane forecasts, safeguarding artifacts from
floodwaters or deciding where to locate new buildings…”

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.